Debian Security Advisory
DSA-257-1 sendmail -- remote exploit
- Date reported:
- 04.03.2003
- Affected packages:
- sendmail, sendmail-wide
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2002-1337.
- CERT's vulnerabilities, advisories and incident notes: CA-2003-07, VU#398025.
- More information:
-
Mark Dowd of ISS X-Force found a bug in the header parsing routines of sendmail. It can overflow a buffer when processing addresses with very long comments. Since sendmail also parses headers when forwarding mail, this vulnerability can affect even mail servers that do not deliver mail themselves.
This problem has been fixed in upstream release 8.12.8, in version 8.12.3-5 of the package for Debian GNU/Linux 3.0/woody, and in version 8.9.3-25 of the package for Debian GNU/Linux 2.2/potato.
DSA-257-2: Updated sendmail-wide packages are available as version 8.9.3+3.2W-24 for Debian 2.2 (potato) and version 8.12.3+3.5Wbeta-5.2 for Debian 3.0 (woody).
- Fixed in:
-
Debian GNU/Linux 2.2 (potato)
- Source:
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-25.diff.gz
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-25.dsc
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3.orig.tar.gz
- http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.9.3+3.2W-24.dsc
- http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.9.3+3.2W-24.tar.gz
- alpha (DEC Alpha):
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-25_alpha.deb
- http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.9.3+3.2W-24_alpha.deb
- arm (ARM):
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-25_arm.deb
- --
- i386 (Intel IA-32):
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-25_i386.deb
- http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.9.3+3.2W-24_i386.deb
- m68k (Motorola 680x0):
- --
- http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.9.3+3.2W-24_m68k.deb
- powerpc (PowerPC):
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-25_powerpc.deb
- http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.9.3+3.2W-24_powerpc.deb
- sparc (Sun SPARC/UltraSPARC):
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-25_sparc.deb
- http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.9.3+3.2W-24_sparc.deb
Debian GNU/Linux 3.0 (woody)
- Source:
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-5.diff.gz
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-5.dsc
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3.orig.tar.gz
- http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2.dsc
- http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta.orig.tar.gz
- http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2.diff.gz
- Architecture-independent components:
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail-doc_8.12.3-5_all.deb
- alpha (DEC Alpha):
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-5_alpha.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-5_alpha.deb
- http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2_alpha.deb
- arm (ARM):
- --
- --
- http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2_arm.deb
- --
- hppa (HP PA RISC):
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-5_hppa.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-5_hppa.deb
- http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2_hppa.deb
- i386 (Intel IA-32):
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-5_i386.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-5_i386.deb
- http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2_i386.deb
- ia64 (Intel IA-64):
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-5_ia64.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-5_ia64.deb
- http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2_ia64.deb
- m68k (Motorola 680x0):
- --
- --
- http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2_m68k.deb
- --
- mips (MIPS (Big Endian)):
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-5_mips.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-5_mips.deb
- http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2_mips.deb
- mipsel (MIPS (Little Endian)):
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-5_mipsel.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-5_mipsel.deb
- http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2_mipsel.deb
- powerpc (PowerPC):
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-5_powerpc.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-5_powerpc.deb
- http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2_powerpc.deb
- s390 (IBM S/390):
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-5_s390.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-5_s390.deb
- http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2_s390.deb
- sparc (Sun SPARC/UltraSPARC):
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-5_sparc.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-5_sparc.deb
- http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2_sparc.deb
MD5 checksums of these files are available in the original advisory. (DSA-257-2)